Cyber risk is the most immediate and financially material sustainability risk that organisations face today. Those who fail to implement good governance on cybersecurity, using appropriate tools and metrics, will be less resilient and less sustainable. For organisations across all industries, cyber security’s connection to ESG includes not only governance, but also social and environmental programs as well.
In addition to perennial concerns like anti-corruption, clean water and climate change, cyber security is rising to the top of the ESG agenda. As organisations become ever more digital, their ESG and cyber strategies should align with data at the center. Data drives every ESG decision, whether evaluating
- suppliers’ sustainability,
- tracking carbon footprint,
- measuring workforce diversity,
- spotting data leaks, and, most importantly,
- reporting ESG progress to meet growing demands for transparency.
Robust cyber security and reporting governance assure stakeholders that organisations have secure, resilient operations that prevent and recover from cyber-attacks. However, cyber security aligns not only with the “G” but also with the “S” and “E” in ESG.
E : The inter-connectedness of today’s world means that an organisation's cyber policy, compliance and risk metrics have significant impact on its overall ecosystem. The public has become increasingly aware of what companies are doing to reduce the carbon footprint across their value chains
S : Data breaches that make personal data public can severely damage an organisation’s relations with its customers. The public wants to know that information protection and individual privacy rights are sacrosanct and have confidence that their data will not be shared or sold.
G : Reporting on cyber risk metrics gives a strong impression of an organisation’s corporate governance and value systems (similar to ESG rating principles) There is also an increasing possibility that Cyber risk and resilience reporting as part of ESG may soon be a regulatory requirement.